from the good-record-keeping dept

We recently wrote about how TSA-approved vendor, Verified Identity Pass, had lost a laptop containing all sorts of unencrypted data on people who had applied to be a part of the TSA's "fast pass" Clear program (letting you skip the long security lines for a $100/year). While the laptop was eventually found (in the same place it was lost), the company insists that no data on the laptop was compromised, and has sent out emails to applicants for Clear. But, it appears that at least something is amiss as
David Weinberger received one of the emails despite never having applied for the program. So apparently they're just informing people at random now. Or someone else applied in Weinberger's name. Makes you feel very secure, doesn't it?

from the well,-that-depends... dept

More than five years ago, we first discussed whether or not it made sense to take a laptop with you on vacation. Many people do so, and say that it's actually quite useful, because it allows them to stay caught up with work with just a little bit of effort. The end result is that when they get back to work, they're not overwhelmed with everything they missed. Now, however, a psychologist in the UK insists that taking a laptop on vacation is "stupid" and can break up your family. Seems a bit extreme. Having done vacations both with and without my laptop, I'd say that it actually depends quite a bit on the person, the job and the vacation (well, and the other family members). Mike Elgan, over at Computerworld does an excellent job shredding the psychologist's faulty logic:

Clearly he's not talking about attention itself, but diverting attention using a computer. Cooper's clear assumption is that work is "bad" and that leisure is "good," that technology (a laptop) is "bad" and non-technology (a book) is "good."

Cooper also makes a host of other assumptions. For starters, he assumes that you're disconnected from your own family all year, and need to "commune again with your family, connect with your children." So that's his advice? Become alienated from your own family, then "commune" with them for only two weeks a year? Why does he assume alienation in the first place?

Cooper assumes that you're some nine-to-fiver who doesn't do creative work. As an opinion columnist, good ideas can strike me anytime, anywhere. That's true for a lot of different kinds of people. For many, a laptop is merely a writing tool, and a source of information and inspiration.

An increasing number of digital nomads are traveling without taking time off. The laptop *enables* travel and time away with family rather than creating a problem while traveling.

It appears to me that Cooper is making a lot of assumptions, and using his credentials to give credibility to his anti-technology bias.

Indeed. There are both good things and bad things about taking laptops on vacation, but it's a choice that each person should make for themselves -- and if it makes sense for them, it's hardly "stupid."

from the reasonable-cause? dept

Following the release of Homeland Security's policies for searching laptops at the border, where the rules are, effectively, "anything goes," DHS boss Michael Chertoff claimed that laptop searches were only done when the border guard had a "suspicion" and placed that individual in "secondary inspection." However, Senator Russ Feingold has now hit back, pointing out that the official DHS policies say absolutely nothing about there needing to be a suspicion or that laptop searches only happen on secondary inspection. If Chertoff were being honest, why wouldn't those things be in the official policy? And, if Chertoff insists that DHS will only do searches when there is a real suspicion, what's wrong with following the "probable cause" standard that it insists it should be allowed to ignore? It's nice to see Senator Feingold asking these questions.

from the bad-potential-precedent dept

We've already explained how ridiculous it is for DHS to say that border patrol agents need to search laptops to prevent dangerous information from getting into the country. Obviously, if that was the intent of the individual, they'd just send the info electronically and not have to deal with any customs agents. Slashdot points us to a blog post by Steven M. Bellovin where he takes that same thought and flips it on its head, noting that, based on the DHS's statements, DHS may believe that it also has the right to scan any data entering or leaving the country. On top of that, he points out that this could potentially mean that if you encrypt that data you send over a border (say, via a VPN), you could potentially be violating laws that bans "hiding" goods that you send over the border. While the courts have not at all ruled in this way, you could pretty easily see the government making this sort of case.

from the your-middle-name-is-what-now? dept

The concept of a "trusted" or "verified" traveler program at airports has been shown as not particularly secure for years -- but it didn't stop the TSA from aggressively rolling out the program. There's no doubt that, for frequent travelers to locations participating in the "Clear" program, it's wonderful. You pay $100/year and you get to bypass all the security lines, and head to a special faster security screening line, supposedly because your background is already "cleared." As Bruce Schneier writes in the above link, in terms of security, all this really does is give those looking to break security a better target. Get some "terrorists" on the list, and you've just made life a lot easier.

Either that, or pretend to be someone on the list.

And what better way to do that then to get your hands on the details of everyone on the list. Well, it appears that the TSA has forgotten its middle name, and failed to protect its own laptop carrying the (unencrypted, of course) details of 33,000 people on the clear list (Update: to clarify, the laptop was actually lost by a TSA vendor, but considering these were applications made to the TSA, it's not clear that the difference here really matters). While it certainly may have just been lost or stolen by someone who wanted a free laptop, whoever has that laptop now has the names, addresses and driver's license or passport numbers of 33,000 applicants. It's unclear if it indicates which of those applicants were approved, but I would still imagine that info would be useful to someone looking to bypass airport security.

The company that runs the program, Verified Identity Pass, issued statement that isn't particularly comforting:

"We don't believe the security or privacy of these would-be members will be compromised in any way."

First of all, that's not true. If you've exposed people's names, addresses and driver's license or passport numbers, their security has certainly already been compromised. But, more importantly, rather than those individuals' security and privacy, I would be worried about overall airport security, which has now been compromised. Update: So, this is weird. The laptop has been found. Where was it? Right where it was last seen. Not clear if it was actually lost or someone just got confused or what -- but still not particularly comforting.

from the privacy-schmivacy dept

After courts repeatedly have ruled that border patrol customs agents can look through your computer hard drive, or even confiscate your computer, with no reasonable cause whatsoever, pressure from groups like the EFF have convinced Congress to investigate. As part of this process, the Department of Homeland Security has revealed its policies for border searches of electronic devices, and as you'd imagine, the policies are basically: "border patrol can do whatever it wants."

It does not need any reasonable cause. It take away your laptop for as long as it wants. It can copy the contents of your laptop and even share it with both other federal agencies and private entities for "language translation, data decryption or other reasons." Other reasons seems a bit broad.

We already explained how ridiculous the defense of this police was last month, by noting that it's not as if stopping this content at the border will actually prevent it from getting in the country. At that time we also pointed out how silly it was for a DHS supporter to claim that reasonable cause shouldn't be necessary because that's just not practical. That guy was unable to explain why it is practical throughout the rest of the country not to randomly search laptops, but at the border, suddenly it's not. However, this article now includes another defense from a customs official, saying that these searches "do not infringe on Americans' privacy." How do we know? Apparently, we just have to trust the DHS.

Luckily, this appears to be getting some attention from Congressional representatives who find the whole thing troublesome. The article notes that legislation to stop such searches will be forthcoming soon.

from the and-it'll-disappear-again-as-well dept

Every few years the press gets excited about the potential for fuel cell-powered laptops. And then the concept goes away. We wrote about in 2003, explaining why it wasn't a big deal, and again in 2005. So here we are in 2008 and, once again, we're hearing stories about new fuel cells for laptops that are going to be demoed (not, of course, actually put into production). The benefits of a fuel cell-powered laptop are that on a single cell, a laptop can last a lot longer (usually the estimate is about 10 hours). That sure beats the 3 to 5 hours most laptops get on traditional lithium-ion batteries today.

But... there's a huge problem with fuel cells that almost never gets discussed in the press: you need to keep buying replacements and then you need to carry those replacement fuel cell cartridges with you. It's like back to the bad old days when your consumer electronics products all had non-rechargeable, disposable batteries. It was a huge pain. That's why everyone switched to rechargeable batteries. When you switch to disposable fuel cells, then you're adding an ongoing expense (much greater than electricity) and forcing users to keep carrying around spares. Yes, for some folks that ability to go for a longer time without plugging in will be worth it -- but for plenty of people it seems like the "cost" is a lot worse than the benefit.

from the probable-cause-is-so-last-millennium dept

The courts have said that US Customs officials do not need probable cause to search laptops. While some Senators are questioning why Department of Homeland Security is searching laptops without probable cause, the administration is working hard to defend such searches at the border as reasonable. However, they're not making very much sense. The article trots out James Jay Carafano from the Heritage Foundation with a couple of interesting statements. Let's take them in order. First:

"The idea that we would create some kind of sanctuary for criminals and terrorists to carry things across the border to me is absolutely ludicrous."

Well, that's not just an exaggeration, it's wrong. Does Carafano actually believe that someone manually walking a laptop across the border is the only way that data gets across the border? Of course that's not true. Data flows across borders via the network all the time -- with no customs review whatsoever. No one is walking across the border with a laptop thinking that's the best way to get some data across the border. Then there's this statement:

"It's also unrealistic to require probable cause when you think about the millions of people a day who come in and go out of the country."

Let's just change a few words in that statement and see how Carafano feels about it: "It's also unrealistic to require probable cause when you think about the millions of people a day who walk up and down the streets of America." Yet, we don't hear Carafano pushing for a removal of probable cause for searches on the street, do we?

The border searches of laptops issue is a ridiculous one. Yes, it makes sense to search through what physical goods you might be bringing into the country -- because you specifically chose to bring those goods into the country. But the digital things you have stored on your laptop are an overall archive. You didn't choose to bring those specific things across the border -- and it's not like going through a border crossing is the best way to move that content across the border. There's simply no reason for why laptop searches should be allowed without probable cause.

from the can't-really-be-true,-could-it? dept

A whole bunch of people are submitting this, though, the explanation is not passing the sniff test. The story is that a bunch of laptop owners (mainly from Dell) are frustrated after discovering that their laptop soundcard configuration blocks the recording of audio, even though it's possible to enable it with a few tweaks. In other words, recording has effectively been turned off by the computer manufacturers. It didn't take long for rumors and speculation to assume that somehow the RIAA has been pressuring these computer makers to turn off sound. Of course, with the entertainment industry, sometimes it seems that no concept is too evil to believe that the industry wouldn't endorse. However, there seems to be no evidence whatsoever that the RIAA had any part in this. On the whole, it sounds like someone just made a bad decision in terms of how to configure certain sound cards. If someone can provide any evidence that the RIAA actually had a role in this, we'll post an update, but there's no reason to jump to conclusions without any evidence. That's what the RIAA does.

from the back-off,-customs dept

It would appear that the EFF's efforts to get Congress to look into laptop searches at the border has worked. This is over the question of whether or not it's legal, with no suspicion of wrongdoing, for customs officials to take your laptop and search through the contents. Even if the courts have said it's legal, it still seems quite troubling to many people who believe it's an unreasonable search. Some Senators have now asked Customs to reconsider its stance on this, with Senator Russ Feingold noting:

"If you asked [U.S. residents] whether the government has a right to open their laptops, read their documents and e-mails, look at their photographs, and examine the Web sites they have visited, all without any suspicion of wrongdoing, I think those same Americans would say that the government has absolutely no right to do that. And if you asked him whether that actually happens, they would say, 'not in the United States of America.'"

Somehow, I doubt that these hearings will lead to much, but at least someone in DC is concerned about this issue.